how to forcefully log out in admin module?

i am making an application in which admin can forcefully log out the online user .
because only one user can login only one time by using same id and password

so my database design is like this table name:user maintenance
colunm name is
userid: flag : logintime :logouttime

algorithms for this is like
1) by default flag is 'y' so when user going to login check it is set to 'y' or when it is log out it will set to 'N'
2)after session time out to set flag i am using listener which set the flag automatically 'Y' after session time out
3) so for me online user = select * from usermaintenance where flag = 'N' which will be seen to admin

but my doubt is that some user directly close the browser and go , so he actually not online but he will be count as online because flag for them is still set to 'N'

SO My concern is that how any java/j2ee approach we can differentiate between real online and such user which can close the browser

Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.

olivier dutranoit wrote:the only thing you can retreive, i think, is the session id? right?

Not right.

Unless you are using a very old version of a servlet container.

And if you are you have two choices.

1. Upgrade.
2. Store user information with the session id in a persistent storage so that you can look it up.

shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 49

posted Sep 30, 2011 10:45:29

0

Bear Bibeault wrote:You'll need to rely upon the session timeout.

thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online

so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

thanks

shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 49

posted Sep 30, 2011 10:47:02

0

Paul Clapham wrote:Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.

thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online

so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

Bear Bibeault wrote:In either case, set the value to 'N'. Problem solved.

no , N for online and after closing browser how i can set the value in data base by using code

thanks

shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 49

posted Sep 30, 2011 10:53:52

0

Paul Clapham wrote:Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.

thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online

so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

I don't really understand any of that. It sounds to me like you are trying to make your users follow a rule which says they must log out from your system before they close their browser.

If so, then don't do that. Give them a logout button, sure, but don't make it a rule that they must log out. There's no point in doing that because (a) people won't always bother with it, and (b) sometimes it's impossible because the web connection went down.

If you need to keep track of what users are online, then a user goes offline when they log out or when their session expires. Are you trying to do something other than that? Because you're wasting your time if you are.